TON Blockchain Stack Exhaustion Vulnerability in Virtual Machine Allowing Denial-of-Service
Vulnerability
A stack exhaustion vulnerability causing denial-of-service (DoS) has been identified in the TON Virtual Machine (TVM) prior to version 2024.10. This vulnerability arises from improper management of vmstate and continuation jump instructions, enabling continuous dynamic tail calls. An attacker can exploit this by creating a smart contract with deeply nested jump logic. Even within allowed gas limits, this nested execution depletes the host process's stack, leading to a crash of the validator node and causing disruptions in the TON blockchain network.
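Added example, not TVM source and not the project's actual fix: a simplified C++ model of why per-step gas accounting does not bound native stack depth when each continuation jump is a nested host call, shown beside a depth guard and a loop-based (trampoline) dispatcher. `Cont`, `make_chain`, `run_recursive`, `run_trampoline` and `max_depth` are hypothetical names, and the jump chain is constructed sample input.

```cpp
#include <cstddef>
#include <vector>

// Simplified model, not TVM source: a continuation just names its jump target.
struct Cont {
    const Cont* next = nullptr;  // nullptr means "halt"
};

enum class Result { Ok, OutOfGas, DepthLimit };

// Constructed input: a chain of `n` continuations, each tail-jumping to the next.
std::vector<Cont> make_chain(std::size_t n) {
    std::vector<Cont> chain(n);
    for (std::size_t i = 0; i + 1 < n; ++i) chain[i].next = &chain[i + 1];
    return chain;
}

// Fragile shape: every jump is a nested host call, so native stack use grows
// with chain length even though gas is charged per step. The max_depth guard
// (hypothetical) converts what would be a host crash into a clean VM error.
Result run_recursive(const Cont* c, long& gas, std::size_t depth, std::size_t max_depth) {
    if (!c) return Result::Ok;
    if (depth >= max_depth) return Result::DepthLimit;
    if (--gas < 0) return Result::OutOfGas;
    return run_recursive(c->next, gas, depth + 1, max_depth);
}

// Hardened shape: a trampoline loop. Native stack use is constant, so gas is
// the only bound on how long a jump chain can run.
Result run_trampoline(const Cont* c, long& gas) {
    while (c) {
        if (--gas < 0) return Result::OutOfGas;
        c = c->next;
    }
    return Result::Ok;
}

int main() {
    auto chain = make_chain(1000000);
    long gas = 2000000;
    Result guarded = run_recursive(chain.data(), gas, 0, 512);
    gas = 2000000;
    Result looped = run_trampoline(chain.data(), gas);
    return (guarded == Result::DepthLimit && looped == Result::Ok) ? 0 : 1;
}
```

The chain fits comfortably inside the gas budget in both runs; only the dispatcher's shape decides whether its length ever touches the host stack.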
Impact
Exploitation of this vulnerability causes the validator node to crash, leading to a denial-of-service condition on the TON blockchain network.
Reproduction
To reproduce this vulnerability, deploy a smart contract on the TON blockchain that includes deeply nested continuation jumps. This can be done by manipulating ordinary and extraordinary continuations to create a nested structure that exceeds the stack limit of the host process. Once the contract is executed, the validator node will run out of stack space and crash, demonstrating the denial-of-service impact of the vulnerability.
Remediation
Users can upgrade to TON Blockchain version 2024.10 or later, where this vulnerability has been fixed. The update is available in the official release on the TON GitHub repository.
